There's been some discussion today about the security of online accounts, so we wanted to share our perspective. These are topics that we take very seriously because we know how important they are to our users. We run our own business on Google Apps, and we're highly invested in providing a high level of security in our products. While we can't discuss individual user or customer cases, we thought we'd try to clear up any confusion by taking some time to explain how account recovery works with various types of Google accounts and by revisiting some tips on how users can help keep their account data secure.

One of the more common requests for assistance that we receive from regular Gmail users is to help them regain access to their accounts after they have misplaced or forgotten their password. We know that it can be frustrating when you can't access your account, and we've worked hard to come up with a system designed to help our users regain access to their accounts as smoothly as possible while taking appropriate precautions to protect their account security. When you select a password as you create an account, we recommend that you also choose a security question and provide a secondary email address. Recently, we also added a field where you can input a mobile phone number to assist with later account recovery. We regularly provide tips about how you can choose good passwords and security questions, and we also share our best ideas for what to do when you can't access your account. It's important to keep your password, security question, and secondary email address up to date. It's not enough to just tell us your email address to try to change your password. The security question helps us identify you, but if you want to initiate a password reset, we'll only send that information to the secondary address or the mobile phone number you provide.

We handle password recovery differently for our Google Apps customers. There is no self-service password recovery process for individual Google Apps users. Instead, users must contact their domain administrator directly to initiate password changes on their individual accounts. Earlier this year we added new password security tools for Google Apps that allow administrators to set password length requirements and to view password strength indicators, which help identify passwords that are sufficiently long but may still not be strong enough. For businesses that want additional authentication security, since 2006 we have supported SAML Single Sign-On, a protocol that allows organizations to use two-factor authentication solutions such as certificates, smartcards, biometrics, one-time password devices, and other stronger tokens.

If you're a regular Gmail user and you haven't updated your account information in a while, we recommend you do so by visiting your Google Account settings page now.

26 comments

Thanks for opening up a conversation about this subject. One thought I've had recently is that it is in the best interest of Google and all vendors of web apps to have a high level of security. If free Google Apps accounts and/or Google accounts are getting routinely broken into, it is bad for Google in several ways:

On the other hand, if Google can enable a user experience which makes data MORE secure than desktop data, then it will help secure more corporate customers.

Given these incentives, I think it is in Google's best interests to trickle down some of the features from Premier Apps down to Free Apps and Google Accounts. Specifically (for free accounts):

* SAML SSO enabling two factor authentication

* Allow administrators to set password length requirements

* Make it possible for a Google Apps administrator to remove administrative rights from any user (including the one that established the Google Apps account - if this ends up as a frequently used account, then it is more likely to get compromised than a rarely used account that is only used to administer Google Apps)

I certainly understand that Google needs to differentiate between Premier and free versions of Google Apps. And I think the free version of Google Apps is an incredible product. But adding just a couple of extra security features to the free version could be of great help to both users and to Google.

I think Google should allow adding security tokens to the Google Apps account so people are able to do the check. As you know, ATM cards work only with the combination of PIN and card; if both things don't match, then nothing is going to happen.

The same thing should be here: a Google Apps password and a security card, like an ATM card. Without the combination, no access to Google Apps. And Google should not put security as a feature; all premium-level security features should be in all Google Apps accounts, whether free or paid.

If possible, attach the Google Apps authentication system to a fingerprint reader; that would be much more accurate than password security.

I think all companies should think beyond passwords. Web 2.0 has come, so I think in security it's time to implement a new level of protocols; passwords are an old thing now.

Security has always been our major concern in this online world. Almost everybody is maintaining accounts online like emails, on purchasing products, online game subscriptions and a lot more. You may also want to check this article about online safety: http://www.articlesbase.com/video-games-articles/safety-in-the-world-of-warcraft-1014729.html

Protecting my personal Gmail account is something I take seriously. I really wish that Google would enable me, a personal free email account user, to purchase and use a 2-factor token. For me there is no problem coming up with 20 bucks for a token, like I did for PayPal. The cloud is here to stay, and that means much more exposure to risk for everyone. Corporations (like Google) can fend for themselves and protect their assets with 2-factor authentication. It hurts to know that Google will not offer their customers a way to protect themselves, even if they are willing to bear the cost. Please make 2-factor authentication available for all users.

2-3 weeks back my wife's Gmail account got compromised and her password got changed. She changed it 3-4 times, and every time she changed it, it would get hacked or god knows what the next day.

There is no way to get access back to the Gmail account. The password recovery form asks questions like the day, month, and year of account creation; how does Google think that an individual will remember such things? It has so many questions about months and dates that it is next to impossible to get your account back.

There is no way to write to Google for help; there is just no email or contact form. You just keep going round and round and eventually land at the same place.

I've been a huge Gmail/Blogger fan for the last five years. I've misplaced my password and can only read my mobile Gmail on my iPhone; I can no longer log into Google to blog - www.fixbuffalo.blogspot.com - and I no longer have access to my secondary email to do the password recovery routine.

The reality is that relative risk is much higher if the account is a corporate one, and a whole lot of information is suddenly exposed.

The reality also is that this is easy to guard against, and that any enterprise users should use two-factor authentication for Google Apps, SFDC or any other cloud platform.

Two-factor, by the way, means that in addition to the username and password the system requires another unique bit of information. We normally use a phone-based app for this: when coming in from the "outside" you get asked for your username, password, and the magic number displayed by our app on your phone. Most people have their phone within reach at most times, so it's easy.

Adding this level of control to your Google domain takes a day. There is no excuse not to, if your information is valuable enough. This isn't rocket science.

Macduff: I am the admin of a Google Apps Education domain (student.columbustech.edu). I spend more time resetting forgotten passwords than on any other job I do. Is there a way to add the password recovery feature to a domain? My LMS and SIS have that feature, but we do not have an SSO system.

Here's a way to add strong authentication, including free Verisign VIP mobile tokens (yes, the same ones you use for accessing PayPal, etc.), to your Google Apps. You do need to be a Google Apps Premier customer. Offered by www.myonelogin.com in partnership with Verisign. To sign up, go to: http://www.myonelogin.com/googleapps/

The way to go is passwordless user authentication, which my company has developed.

Here the user is not required to define, enter, or remember a password. The password is generated from the unique identity of the user's computer or device and is not stored anywhere, thus making it inherently more secure.

Imagine an online database on a server such as Google's where there is no password field.

There should be a simple way, when creating a new Google account, to simply turn the whole darn password recovery thing off. Not the default, but there in a tiny checkbox for those who really need it.

Password recovery is a CONVENIENCE that compromises SECURITY. Some of us would rather be inconvenienced by having to actually create a rock solid way of remembering our passwords than have the extra complexity and risk of the password recovery apparatus.

Problems with password recovery:

* The recovery email is sent unencrypted; a sophisticated attacker could read it in transit.

* If the secondary email is hacked, your ENTIRE Google account is hacked (doubles the attack surface).

* You have to make sure the recovery email is always active (some emails will be deactivated if unused for a period of time).

* I have to think about all these various scenarios, rather than just remembering the darn password!

PLEASE GIVE US THE ABILITY TO OPT OUT OF PASSWORD RECOVERY AT ACCOUNT CREATION TIME!!!